Check Point MEPP

When you configure Check Point Media Encryption and Port Protection (MEPP) to send log data to USM Appliance, you can use the checkpoint-mepp plugin to translate the raw log data into normalized events for analysis.

Device

Details

Vendor

Check Point

Device Type

Data protection

Connection Type

Syslog

Data Source Name

checkpoint-mepp

Data Source ID

1854

Integrating Check Point MEPP

Before you configure the Check Point Media Encryption and Port Protection (MEPP) integration, you must have the IP Address of the USM Appliance Sensor.

To configure Check Point MEPP to send Syslog messages to USM Appliance

In the Smart Dashboard, click the Firewall tab.

In the Servers and OPSEC Applications object tree, right-click and select Servers > New > Syslog.

In the Syslog Properties window, enter or select:

Name (for example: AV-USM)

Optional comment

Host (IP Address/Hostname of USM Appliance)

Port (Default = 514 )

Version (Syslog Protocol )

In the Smart Dashboard, select Gateway Properties > Logs.

In the Send logs and alerts to these log servers table, click the Green button to add the Syslog server defined earlier.